Websites, web applications and web servers contain sensitive data that is the target of increasingly sophisticated cyberattacks. In fact, web applications had the largest volume of attacks in 2017. As you adopt an increasing number of websites, applications, and APIs on multiple cloud environments, you need a solution that improves visibility and centralizes control without jeopardizing performance. Compliance requirements, such as PCI, mandate that you have effective web application protection. Midsize enterprises especially need enterprise-grade web application protection that is cost-effective, flexible and simple to manage.

Cloudflare WAF, DDoS Protection and CDN from the OPAQ Cloud

OPAQ Web Application Firewall provides WAF security powered by Cloudflare from the OPAQ Cloud. Featured in Gartner’s Magic Quadrant for Web Application Firewalls, Cloudflare is trusted by more than 7 million applications and APIs. OPAQ WAF protects against web application security flaws and common vulnerabilities, including SQL injection, cross-site scripting (XSS), cross-site forgery, zero-day attacks and more. Advanced DDoS protection is also included, which is essential as the volume and intensity of such attacks continue to rise.

OPAQ WAF has the ability to:

  • Automatically update and block threats from all 7 million websites on the Cloudflare network
  • Protect websites from the OWASP top 10 vulnerabilities
  • Meet PCI 6.6 compliance requirements so you avoid liabilities and non-compliance penalties

Features of Web Application Firewall

Web Application Firewall

• Ensures real-time prevention against automated attacks, SQL injection, XSS JavaScript injections and other real-time POST actions. Built-in rules thwart common attacks against popular applications, including WordPress, Joomla and others.

• Protects against the top vulnerabilities identified by OWASP.

Content Delivery Optimization

• Our globally distributed Pods provide users with location-based access to your website, which removes latency and improves performance and user experience.


• Universal SSL & TLS 1.2 & 1.3 Encryption – The OPAQ Cloud is compatible with your existing SSL configuration, or if you require SSL capabilities OPAQ can provide you with these features without configuration requirements. SSL can be activated instantly and supports all browsers.

• Opportunistic Encryption enables HTTP-only domains which are unable to upgrade to HTTPS to benefit from encryption and web optimization features.

• Offers automatic HTTPS rewrites that eliminate mixed content issues, while improving performance and delivering security. This capability rewrites insecure URLS dynamically from known hosts to their secure counterpart, which forces a secure connection and delivers the latest security standards only available over HTTPS.

• Delivers TLS optimization that improves your websites SSL connection to ensure a fast HTTPS experience for your visitors.

• You can choose between our issued SSL certificates, or your own dedicated SSL certificate by uploading to our network. Also supports EV certificates.

WAF Challenge (CAPTCHA)

• Utilizes collective intelligence to instantly detect new threats and ensure protection is extended to our entire customer base.

• Delivers reputation-based threat protection for your websites by blocking known malicious threats. You will be able to customize levels of security by site.

• Provides spam protection and blocks spammers from posting to your website.

• Protects against web content scrapers and protects all content, including text, images and email addresses, from web scrapers.

• You can fully block or challenge visitors from obtaining access to your site. Enables you to distinguish visitor access by country, IP address, or AS number.

DDoS Protection Pro

• Protects Layer 7. Automatically detects sudden changes in traffic levels and protects against layer 7 DDoS attacks, such as POST floods or DNS-based attacks, so they never hit the origin server.

DDoS Protection Advanced

• Enables legitimate traffic to reach your website, while prohibiting illegitimate or malicious traffic at the edge before it hits your server.

• Protects Layers 3 and 4. Automatically stops TCP SYN, UDP, and ICMP attacks at the edge so they do not hit the origin server.

• Protects Layer 7. Automatically detects sudden changes in traffic levels and protects against layer 7 DDoS attacks, such as POST floods or DNS-based attacks, so they never hit the origin server.

• Backed by a full SLA. Keeps your website online no matter the size, type or duration of the DDoS attack.

WAF Load Balancing

• Frequency of health checks – the platform delivers health checks with fast failover to rapidly route your visitors away from failures.

• Global Load Balancing (Geo-Based Routing) – You can have local and global load balancing to reduce latency by load balancing traffic across multiple servers or by routing traffic to the closest geolocation region.

WAF Rate Limiting

• Enables you to designate rate limiting rules in different “modes.” For example, “Live” mode is when a Rate Limiting rule becomes active on your website, application or API; whereas, “simulate” mode allows you to test a Rate Limiting rule to determine request traffic and adjust accordingly.

• Origin response code for rate limiting: this feature enables you to choose when the origin server should serve a response code to visitors who exceed Rate Limiting thresholds.

WAF Network Optimizer

• Achieve web optimization to ensure the connection between the origin server and the network is as fast as possible. This capability moves from object—level caching to block-level caching, achieving a 99.6% compression ratio for previously uncacheable web objects. This results in an average of 730% performance increase.